MuseLegal locks every matter down to its assigned people

The fork bolts real per-matter access control onto a client portal that previously leaned on ownership and hidden buttons to keep people out.

security, multi-tenant

MuseLegal's change introduces an explicit roster for each matter: clients, attorneys, reviewers and paralegals are listed against the matters they're actually assigned to, and partners and admins get the keys to everything. Documents, portal messages, tasks, intake submissions and downloadable files all inherit the same rule - if you're not on the matter, you don't see it.

The part worth noting is that the check runs twice: once in the application and once in the database itself, so a slip in the app layer still gets caught underneath. It's freshly merged and the team flags a few loose ends - some configuration isn't bundled in, it sits alongside the original sharing logic, and no tests shipped with it - so treat it as a strong skeleton rather than a finished feature.

So what: Anyone running a client portal where the wrong person seeing the wrong matter is a real liability should look at how this is structured.
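The two-layer check described above, sketched as an added example (this is not the fork's code). Only the `matter_participants` name and the role names come from the writeup; the other tables, columns, function names and sample rows are assumptions, and SQLite's roster-scoped query stands in for whatever database-side enforcement the fork actually uses.

```python
import sqlite3

FIRM_WIDE = {"partner", "admin"}  # roles the writeup says can see every matter

def build_db():
    """In-memory schema (assumed layout) with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, role TEXT NOT NULL);
        CREATE TABLE matters(id INTEGER PRIMARY KEY, title TEXT NOT NULL);
        CREATE TABLE matter_participants(
            matter_id INTEGER NOT NULL REFERENCES matters(id),
            user_id   INTEGER NOT NULL REFERENCES users(id),
            PRIMARY KEY (matter_id, user_id));
        CREATE TABLE documents(id INTEGER PRIMARY KEY,
            matter_id INTEGER NOT NULL REFERENCES matters(id), name TEXT);
        -- constructed sample data
        INSERT INTO users VALUES (1,'client'),(2,'attorney'),(3,'partner'),(4,'paralegal');
        INSERT INTO matters VALUES (10,'Matter A'),(20,'Matter B');
        INSERT INTO matter_participants VALUES (10,1),(10,2),(20,4);
        INSERT INTO documents VALUES (100,10,'engagement.pdf'),(200,20,'filing.pdf');
    """)
    return db

def app_allows(db, user_id, matter_id):
    """Layer 1: application-side check against the roster."""
    row = db.execute("SELECT role FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        return False  # unknown user: deny
    if row[0] in FIRM_WIDE:
        return True
    return db.execute(
        "SELECT 1 FROM matter_participants WHERE matter_id = ? AND user_id = ?",
        (matter_id, user_id)).fetchone() is not None

def fetch_documents(db, user_id, matter_id):
    """Layer 2: the query is itself scoped to the roster, so an outsider
    gets no rows even when a caller forgot to call app_allows()."""
    return [r[0] for r in db.execute("""
        SELECT d.name FROM documents d
        WHERE d.matter_id = :m AND (
            EXISTS (SELECT 1 FROM users u
                    WHERE u.id = :u AND u.role IN ('partner', 'admin'))
         OR EXISTS (SELECT 1 FROM matter_participants p
                    WHERE p.matter_id = d.matter_id AND p.user_id = :u))
        ORDER BY d.id""", {"m": matter_id, "u": user_id})]
```
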


Commits in this thread

1 commit from MuseLegal/AI-Legal-Platform, oldest first. Source extracted verbatim from the harvested git log.

SHA | Subject | Author | Date
b0ce349f | Add matter_participants-based portal access controls | Griot Vault | 2026-05-03
